hook
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION] (HIGH): Access to sensitive configuration files. The /hook status command reads ~/.claude/settings.json, a file path likely containing sensitive information such as API keys, bearer tokens, or private user configuration.
- [COMMAND_EXECUTION] (MEDIUM): Modification of application runtime behavior. The skill modifies ~/.claude/hooks/.disabled to control which hooks are active. This capability allows the agent to persist changes that could suppress security-related hooks, logging, or performance monitoring.
- [DATA_EXFILTRATION] (LOW): Exposure of application log data. The skill reads from ~/.claude/logs/hook_metrics.jsonl and other log files, which may contain metadata about user activity or internal system states.
Recommendations
- AI detected serious security threats
Audit Metadata